Excessive Connections issues

The Far Side __BANNED USERS regular
edited November 2009 in Help / Advice Forum
I'm on my University's network in my dorm room, and more and more recently, I've been getting throttled to external internet because of
Current Status: Your IP address is in the ResNet Penalty Box because you have exceeded a limit of 3000 connections (flows) to other hosts/sources. To correct this, please reduce the number of active uploads/downloads. Your current status: excessive flows (4824 active flows).

How can I have this many connections? I've scanned my computer for spyware (nothing there), I don't have torrents running, and all I have open is AIM, MSN, Steam, Ventrilo, and Firefox.

What could be causing this?


  • eternalbl Registered User
    edited November 2009
    Are you sharing a connection via router with a roommate?

  • The Far Side __BANNED USERS regular
    edited November 2009
    Nope, everybody in my flat has their own direct internet connection.

  • wmelon Registered User regular
    edited November 2009
    If you're running Windows, you can run netstat -s from a command prompt and it will tell you how many current connections you have open. If it indeed shows that many current connections, you can use netstat -ab to get the Process ID of the offending process.

  • PirateJon Registered User regular
    edited November 2009
    Rather than mess with netstat, you can use TCPView. Same info, easier to understand format.
    http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

    You can run it right from the browser by going here:
    http://live.sysinternals.com/Tcpview.exe

    all perfectionists are mediocre in their own eyes
  • vonPoonBurGer Registered User regular
    edited November 2009
    The Far Side wrote: »
    I don't have torrents running

    Did you have torrents running recently? Firewalls will normally maintain a list of open NAT (network address translation) connections for quite a while; exactly how long depends on the firewall's configuration. Unless the firewall sees a TCP FIN packet on that connection it's kept in the tracking list until the configured timeout is reached. Many torrent clients are notoriously bad at sending FIN packets to close their connections, so if you were torrenting recently and the firewall has a long timeout period then that could easily explain where all those stale connections came from.

    If you owned the firewall I'd advise you to reduce the connection timeout to something sane like 10 minutes (I mean really, if a connection hasn't seen a packet in 600 seconds then it's dead, dump it from the list already!). Since you don't have any administrative control in this instance, your best bet if you're torrenting is to reduce the number of connections your client will open. Of course, if you don't run torrents ever then this advice is meaningless. Wmelon & PirateJon's advice should help you find the offending software if that's the case.

    Xbox Live:vonPoon | PSN: vonPoon | Steam: vonPoonBurGer
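
The stale-flow effect vonPoonBurGer describes, as an added example that is not part of the original thread: a toy flow table that drops an entry on FIN or after an idle timeout, fed a constructed session in which only one flow in five closes cleanly. The session size, timings, the 3600-second "long" timeout and the flow keys are assumptions; only the 3000-flow limit and the 600-second figure come from the posts above.

```python
class FlowTable:
    """Toy connection-tracking table (constructed model, not any vendor's firewall)."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout   # seconds a silent flow is kept
        self.last_seen = {}                # flow key -> time of last packet

    def packet(self, key, now, fin=False):
        if fin:
            self.last_seen.pop(key, None)  # clean close: entry removed at once
        else:
            self.last_seen[key] = now      # any other packet refreshes the entry

    def active(self, now):
        # Expire every flow that has been silent for idle_timeout or longer.
        self.last_seen = {k: t for k, t in self.last_seen.items()
                          if now - t < self.idle_timeout}
        return len(self.last_seen)


def stale_flows(idle_timeout, peers=5000, session_len=3600, fin_every=5,
                check_at=4200):
    """Flows still tracked at check_at (seconds) after a session that contacted
    `peers` hosts, where only every fin_every-th flow is closed with a FIN."""
    table = FlowTable(idle_timeout)
    for i in range(peers):
        t = i * session_len / peers        # time of the last packet on flow i
        key = (f"peer{i}", 6881)           # constructed flow identifier
        table.packet(key, t)
        if i % fin_every == 0:
            table.packet(key, t, fin=True)
    return table.active(check_at)


if __name__ == "__main__":
    # Ten minutes after the client was closed: short timeout vs. long timeout.
    for timeout in (600, 3600):
        print(f"idle timeout {timeout:>4}s -> {stale_flows(timeout)} flows tracked")
```

With these constructed numbers the host has no sockets open at the check time, yet the long-timeout table still holds more than 3000 entries.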
  • The Far Side __BANNED USERS regular
    edited November 2009
    PirateJon wrote: »
    Rather than mess with netstat, you can use TCPView. Same info, easier to understand format.
    http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

    You can run it right from the browser by going here:
    http://live.sysinternals.com/Tcpview.exe

    Okay, I just tried this (when I am not getting any excessive flows errors) and these are my results:
    [System Process]:0	TCP	Skynet:49202	localhost:49203	TIME_WAIT	
    [System Process]:0	TCP	Skynet:49203	localhost:49202	TIME_WAIT	
    [System Process]:0	TCP	skynet.ubc.ca.:51447	a142-231-1-167.deploy.akamaitechnologies.com:http	TIME_WAIT	
    AppleMobileDeviceService.exe:1960	TCP	Skynet:27015	Skynet:0	LISTENING	
    AppleMobileDeviceService.exe:1960	TCP	Skynet:27015	localhost:49168	ESTABLISHED	
    firefox.exe:3284	TCP	Skynet:51451	localhost:51452	ESTABLISHED	
    firefox.exe:3284	TCP	Skynet:51452	localhost:51451	ESTABLISHED	
    firefox.exe:3284	TCP	skynet.ubc.ca.:51453	pw-in-f100.1e100.net:http	ESTABLISHED	
    firefox.exe:3284	TCP	Skynet:51454	localhost:51455	ESTABLISHED	
    firefox.exe:3284	TCP	Skynet:51455	localhost:51454	ESTABLISHED	
    firefox.exe:3284	TCP	skynet.ubc.ca.:51456	pz-in-f106.1e100.net:http	ESTABLISHED	
    firefox.exe:3284	TCP	skynet.ubc.ca.:51457	pz-in-f104.1e100.net:http	ESTABLISHED	
    firefox.exe:3284	TCP	skynet.ubc.ca.:51458	pz-in-f100.1e100.net:http	ESTABLISHED	
    firefox.exe:3284	TCP	skynet.ubc.ca.:51459	pz-in-f138.1e100.net:http	ESTABLISHED	
    firefox.exe:3284	TCP	skynet.ubc.ca.:51460	74.125.15.39:http	ESTABLISHED	
    iTunesHelper.exe:3788	TCP	Skynet:49168	localhost:27015	ESTABLISHED	
    lsass.exe:664	TCP	Skynet:49155	Skynet:0	LISTENING	
    lsass.exe:664	TCPV6	skynet:49155	skynet:0	LISTENING	
    mDNSResponder.exe:1984	TCP	Skynet:5354	Skynet:0	LISTENING	
    mDNSResponder.exe:1984	UDP	skynet:5353	*:*		
    mDNSResponder.exe:1984	UDP	skynet.ubc.ca.:5353	*:*		
    mDNSResponder.exe:1984	UDP	Skynet:58621	*:*		
    mDNSResponder.exe:1984	UDP	Skynet:60982	*:*		
    mDNSResponder.exe:1984	UDPV6	skynet:58622	*:*		
    pidgin.exe:4612	TCP	skynet.ubc.ca.:49214	by2msg1010614.gateway.edge.messenger.live.com:msnp	ESTABLISHED	
    pidgin.exe:4612	TCP	skynet.ubc.ca.:49216	bos-m024c-sdr2.blue.aol.com:5190	ESTABLISHED	
    pidgin.exe:4612	TCP	skynet.ubc.ca.:49218	oam-d05a.blue.aol.com:5190	ESTABLISHED	
    pidgin.exe:4612	TCP	skynet.ubc.ca.:49219	buddychat-m02b.blue.aol.com:5190	ESTABLISHED	
    pidgin.exe:4612	TCP	skynet.ubc.ca.:51061	205.188.13.32:5190	ESTABLISHED	
    pidgin.exe:4612	UDP	Skynet:51330	*:*		
    pidgin.exe:4612	UDP	Skynet:51331	*:*		
    pidgin.exe:4612	UDP	Skynet:51334	*:*		
    pidgin.exe:4612	UDP	Skynet:51335	*:*		
    pidgin.exe:4612	UDP	Skynet:51344	*:*		
    pidgin.exe:4612	UDP	Skynet:51345	*:*		
    pidgin.exe:4612	UDP	Skynet:55440	*:*		
    pidgin.exe:4612	UDP	Skynet:55441	*:*		
    pidgin.exe:4612	UDP	Skynet:58256	*:*		
    pidgin.exe:4612	UDP	Skynet:58257	*:*		
    pidgin.exe:4612	UDP	Skynet:59283	*:*		
    pidgin.exe:4612	UDP	Skynet:59284	*:*		
    pidgin.exe:4612	UDP	Skynet:59287	*:*		
    pidgin.exe:4612	UDP	Skynet:59288	*:*		
    pidgin.exe:4612	UDP	Skynet:59325	*:*		
    pidgin.exe:4612	UDP	Skynet:59326	*:*		
    pidgin.exe:4612	UDP	Skynet:59329	*:*		
    pidgin.exe:4612	UDP	Skynet:59330	*:*		
    pidgin.exe:4612	UDP	Skynet:59333	*:*		
    pidgin.exe:4612	UDP	Skynet:59334	*:*		
    pidgin.exe:4612	UDP	Skynet:64033	*:*		
    pidgin.exe:4612	UDP	Skynet:64034	*:*		
    PnkBstrA.exe:2132	UDP	Skynet:44301	*:*		
    PnkBstrB.exe:2156	UDP	Skynet:45301	*:*		
    services.exe:652	TCP	Skynet:49162	Skynet:0	LISTENING	
    services.exe:652	TCPV6	skynet:49162	skynet:0	LISTENING	
    Skype.exe:3120	TCP	Skynet:http	Skynet:0	LISTENING	
    Skype.exe:3120	TCP	Skynet:https	Skynet:0	LISTENING	
    Skype.exe:3120	TCP	Skynet:33173	Skynet:0	LISTENING	
    Skype.exe:3120	TCP	skynet.ubc.ca.:49603	d207-6-77-200.bchsia.telus.net:31406	ESTABLISHED	
    Skype.exe:3120	UDP	Skynet:https	*:*		
    Skype.exe:3120	UDP	Skynet:33173	*:*		
    Skype.exe:3120	UDP	Skynet:56415	*:*		
    Steam.exe:3420	UDP	Skynet:53183	*:*		
    Steam.exe:3420	UDP	Skynet:59371	*:*		
    svchost.exe:1120	UDP	Skynet:llmnr	*:*		
    svchost.exe:1120	UDPV6	skynet:5355	*:*		
    svchost.exe:2168	TCP	Skynet:49156	Skynet:0	LISTENING	
    svchost.exe:2168	TCPV6	skynet:49156	skynet:0	LISTENING	
    svchost.exe:248	TCP	Skynet:49154	Skynet:0	LISTENING	
    svchost.exe:248	UDP	Skynet:isakmp	*:*		
    svchost.exe:248	UDP	Skynet:ipsec-msft	*:*		
    svchost.exe:248	UDP	Skynet:63413	*:*		
    svchost.exe:248	UDP	Skynet:63414	*:*		
    svchost.exe:248	TCPV6	skynet:49154	skynet:0	LISTENING	
    svchost.exe:248	UDPV6	skynet:500	*:*		
    svchost.exe:608	UDP	Skynet:ntp	*:*		
    svchost.exe:608	UDP	skynet:ssdp	*:*		
    svchost.exe:608	UDP	Skynet:ssdp	*:*		
    svchost.exe:608	UDP	skynet.ubc.ca.:ssdp	*:*		
    svchost.exe:608	UDP	Skynet:3702	*:*		
    svchost.exe:608	UDP	Skynet:3702	*:*		
    svchost.exe:608	UDP	skynet.ubc.ca.:54773	*:*		
    svchost.exe:608	UDP	skynet:54774	*:*		
    svchost.exe:608	UDP	Skynet:54775	*:*		
    svchost.exe:608	UDP	Skynet:58619	*:*		
    svchost.exe:608	UDPV6	skynet:123	*:*		
    svchost.exe:608	UDPV6	[0:0:0:0:0:0:0:1]:1900	*:*		
    svchost.exe:608	UDPV6	[fe80:0:0:0:0:100:7f:fffe]:1900	*:*		
    svchost.exe:608	UDPV6	[fe80:0:0:0:7913:be2d:9ca1:7ed1]:1900	*:*		
    svchost.exe:608	UDPV6	[fe80:0:0:0:d9a7:2c:d718:5089]:1900	*:*		
    svchost.exe:608	UDPV6	skynet:3702	*:*		
    svchost.exe:608	UDPV6	skynet:3702	*:*		
    svchost.exe:608	UDPV6	[fe80:0:0:0:d9a7:2c:d718:5089]:54769	*:*		
    svchost.exe:608	UDPV6	[fe80:0:0:0:7913:be2d:9ca1:7ed1]:54770	*:*		
    svchost.exe:608	UDPV6	[0:0:0:0:0:0:0:1]:54771	*:*		
    svchost.exe:608	UDPV6	[fe80:0:0:0:0:100:7f:fffe]:54772	*:*		
    svchost.exe:608	UDPV6	skynet:58620	*:*		
    svchost.exe:900	TCP	Skynet:epmap	Skynet:0	LISTENING	
    svchost.exe:900	TCPV6	skynet:135	skynet:0	LISTENING	
    svchost.exe:984	TCP	Skynet:49153	Skynet:0	LISTENING	
    svchost.exe:984	TCPV6	skynet:49153	skynet:0	LISTENING	
    System:4	TCP	skynet:netbios-ssn	Skynet:0	LISTENING	
    System:4	TCP	skynet.ubc.ca.:netbios-ssn	Skynet:0	LISTENING	
    System:4	TCP	Skynet:microsoft-ds	Skynet:0	LISTENING	
    System:4	TCP	Skynet:icslap	Skynet:0	LISTENING	
    System:4	TCP	Skynet:5357	Skynet:0	LISTENING	
    System:4	UDP	skynet:netbios-ns	*:*		
    System:4	UDP	skynet.ubc.ca.:netbios-ns	*:*		
    System:4	UDP	skynet:netbios-dgm	*:*		
    System:4	UDP	skynet.ubc.ca.:netbios-dgm	*:*		
    System:4	TCPV6	skynet:445	skynet:0	LISTENING	
    System:4	TCPV6	skynet:2869	skynet:0	LISTENING	
    System:4	TCPV6	skynet:5357	skynet:0	LISTENING	
    wininit.exe:596	TCP	Skynet:49152	Skynet:0	LISTENING	
    wininit.exe:596	TCPV6	skynet:49152	skynet:0	LISTENING	
    
    This is what my system looks like normally, I guess. That isn't too bad. I'll post the report once I get capped for having too many connections and then maybe we can pick out what processes shouldn't be there?

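
One way to turn a saved TCPView listing like the one above into per-process counts of flows that actually leave the machine (added example, not part of the original thread). The sample rows are copied from the post; the function names and the list of local host names are assumptions made for this illustration.

```python
from collections import Counter

# A few rows from the listing above (tab-separated, as TCPView saves them).
SAMPLE = """\
[System Process]:0\tTCP\tskynet.ubc.ca.:51447\ta142-231-1-167.deploy.akamaitechnologies.com:http\tTIME_WAIT\t
firefox.exe:3284\tTCP\tSkynet:51451\tlocalhost:51452\tESTABLISHED\t
firefox.exe:3284\tTCP\tskynet.ubc.ca.:51453\tpw-in-f100.1e100.net:http\tESTABLISHED\t
firefox.exe:3284\tTCP\tskynet.ubc.ca.:51460\t74.125.15.39:http\tESTABLISHED\t
pidgin.exe:4612\tTCP\tskynet.ubc.ca.:49216\tbos-m024c-sdr2.blue.aol.com:5190\tESTABLISHED\t
pidgin.exe:4612\tUDP\tSkynet:51330\t*:*\t\t
Skype.exe:3120\tTCP\tSkynet:http\tSkynet:0\tLISTENING\t
Skype.exe:3120\tTCP\tskynet.ubc.ca.:49603\td207-6-77-200.bchsia.telus.net:31406\tESTABLISHED\t
svchost.exe:608\tUDPV6\t[fe80:0:0:0:0:100:7f:fffe]:1900\t*:*\t\t
"""


def parse(text):
    """Yield one dict per listing row: process, pid, proto, local, remote, state."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.strip().split("\t")]
        if len(fields) < 4:
            continue                                  # blank or malformed row
        process, pid = fields[0].rsplit(":", 1)       # "[System Process]:0" safe
        yield {"process": process, "pid": int(pid), "proto": fields[1],
               "local": fields[2], "remote": fields[3],
               "state": fields[4] if len(fields) > 4 else ""}


def is_external(row, local_names):
    """True for a row with a real remote endpoint on another host."""
    host = row["remote"].rsplit(":", 1)[0].lower().rstrip(".")
    return (row["remote"] != "*:*" and row["state"] != "LISTENING"
            and host not in local_names)


def flows_by_process(text, local_names=("localhost", "skynet", "skynet.ubc.ca")):
    """Count external flows per (process, state); listeners and loopback are skipped."""
    counts = Counter()
    for row in parse(text):
        if is_external(row, local_names):
            counts[(row["process"], row["state"])] += 1
    return counts


if __name__ == "__main__":
    for (process, state), n in flows_by_process(SAMPLE).most_common():
        print(f"{n:5d}  {process:<20} {state}")
```

Rows in TIME_WAIT are attributed to [System Process] with PID 0 because the owning process has already closed the socket.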
  • The Far Side __BANNED USERS regular
    edited November 2009
    http://docs.google.com/Doc?docid=0ARlyRy9ULxkLZGYzejR6cnJfMGRocTRuNnFm&hl=en

    (linked because it's too big to post)

    This is apparently enough to get me over my cap! What the hell is this 'System Process 0'? I tried to end it through that program you gave me and it didn't seem to do anything :/
